[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[infowar.de] FCW 22.07.02 Cyberterror Übung "Dark Screen"
Federal Computer Week July 22, 2002
Cyberterrorism drill set - Operation Dark Screen to help
government, industry prepare for
BY Dan Caterinicchia
Federal, state and local government officials are partnering with
representatives from the private sector and the utilities community in a
exercise designed to identify the links between them in defending ?
and responding to ? a cyberattack.
Operation Dark Screen, the brainchild of Rep. Ciro Rodriguez
(D-Texas), is a three-phased exercise that will help all the players
understand their roles in preparing for, recovering from and
protecting the nation's critical infrastructure during a cyberattack.
"A lot of people think about chemical, biological and nuclear
attacks, but very few people think about the cyber," Rodriguez said.
"Anyone who is going
to hit us, it's going to be a combination of those."
For example, hackers might infiltrate the computer systems that
control San Antonio's power grid to attempt shutting off electricity
across the city.
Officials from the Air Intelligence Agency (AIA) at Lackland Air
Force Base, Texas, after tracking the hackers' movements, would notify
utility company, as well as federal, state and local law
enforcement officials, who would apprehend the criminals.
That's how the scenario should play out ? and what Dark Screen will
test ? but today, a lack of information sharing and response procedures
the levels of government and the private sector could mean a
victory for terrorists.
Collaboration is necessary, security experts say, because the
private sector controls 85 percent of the nation's critical
infrastructure, which includes
telecommunications, transportation and essential government
A spokesperson for AIA, one of the Dark Screen participants, said
the agency has taken part in numerous military intrusion exercises, but
this is the
first time it is participating in a civilian-led exercise involving
so many different groups.
AIA is serving as an adviser to the civilian and community
participants because agency officials feel their participation "will
help to improve the security
of the complex infrastructures in the San Antonio area," the
spokesperson said. "As a community partner and major user of at-risk
utilities, it is to the
[AIA's] advantage to assist in helping to preclude cyberattacks on
these valuable assets."
Lessons to be Learned
Dark Screen's first phase, scheduled for September, will be a
tabletop exercise in which a still-to-be-determined cyberattack will be
played out and all
participants will respond, said Gregory White, technical director
of the Center for Infrastructure Assurance and Security at the
University of Texas at
San Antonio, which is leading the planning and execution of Dark
AIA has assumed a leadership role in bringing together various
stakeholders, including representatives from the city, the county, the
Army, the Air
Force, the state attorney general's office, the FBI, the private
sector and many others.
The second phase of Dark Screen will focus on applying the lessons
learned from the tabletop exercise, and the third phase, to take place
will be a live exercise using actual attempts to penetrate
networks, White said. He added that the final phase is "greatly to be
defined," but will involve
"testing notification and alert chains."
"We can do it on paper, but by bringing everybody together at one
time, we can see who is prepared to do that," White said. "What we do
applicable across the nation."
John Pike, director of the nonprofit organization GlobalSecurity.
org, said the exercise was a welcome break from tradition. The usual
all-talk-and-no-action stance on cyberattacks is "rather strange,
given the number of emergency response exercises that are conducted to
other problems, such as hazardous materials spills or nuclear
accidents," he said. He added that actual exercises are needed to
The Defense Department frequently conducts exercises in which it
pays companies to penetrate their systems, but Dark Screen will "help
interdependencies and linkages between the different sectors,"
San Antonio officials plan to "review and modify" their
infrastructure security measures based on the Dark Screen findings, said
Mike Miller, the city's
emergency management coordinator.
"We hope to identify quick fixes and implement those quickly, as
well as look at long-term issues that will take more time and resources
said Miller, who is also assistant chief of the city's fire
department. "The most important thing that we hope to get out of the
exercise is securing San
Antonio's infrastructure to maintain all aspects of the quality of
life for our community. We also will share our experiences with other
help them be better prepared."
Inside and Out
The City Public Service (CPS), the utility provider for 560,000
electric and 302,000 gas customers in San Antonio, hopes to improve not
internal mechanisms, but also its external communications through
Dark Screen, according to Charles Lenz, manager of CPS' technology
Lenz said that his group would like "a more integrated and formal
internal approach to dealing with cyber incidents, as well as increased
with external sectors regarding cybersecurity issues." He added
that the lessons learned "will be evaluated internally and, where
resources and/or processes acquired or defined."
Lenz and Miller both said the only event that comes close to what
all of these organizations are attempting to do with Dark Screen was the
rollover. "Y2K was the last time we did this type of an event, with
a tabletop before the actual Y2K event," Miller said.
Rodriguez said the idea for Dark Screen was hatched over a year
ago, after the collision between a U.S. EP-3 spy plane and a Chinese
fighter jet in
which the Chinese pilot was killed.
That incident set off a series of activities by U.S. and Chinese
hackers, and lawmakers received reports that cyberattacks against the
Department and DOD increased during that time, he said. "Every time
there's an international crisis, the hits are a little higher."
Rodriguez said the need for a cyber military exercise was evident
back then, before the Sept. 11 terrorist attacks. Right after the
attacks, when phones
were useless and one of the few means of communication was by using
wireless handheld devices, the need to identify how the nation would
a full-scale cyberattack became critical.
"We really need to see what we can do," because what if the 911
emergency phone service goes down or financial institutions are hit,
"I recognize that participating in this exercise may raise concerns
about the privacy of individuals, proprietary business information,
and existing vulnerabilities, and these issues will be fully
examined and addressed in the planning stage" (see box).
Currently, all Dark Screen participants are paying their own way,
which hasn't cost much in the planning stages, but Rodriguez said he has
for $500,000 to pay for next year's live exercise.
Meanwhile, the lobbying efforts continue. Rodriguez said he had a
meeting July 11 with John Tritak, director of the Critical
Office, and that Tritak would be hosting a town hall meeting on
cyberterrorism in San Antonio in September, either right before or after
the first phase
of Dark Screen. Tritak could not be reached for comment.
HSFK Hessische Stiftung für Friedens- und Konfliktforschung
PRIF Peace Research Institute Frankfurt
Leimenrode 29 60322 Frankfurt a/M Germany
Tel +49 (0)69 9591 0422 Fax +49 (0)69 5584 81
- hsfk -
Mail an infowar -
- infopeace -
de mit "unsubscribe" im Text.